Privacy Policy

Effective February 1, 2026 · Last updated June 22, 2026 · Operated by Helios Collective, Inc. (NOC-DRP-001)

Axiom is built to give you an institutional view of your own money without ever putting that money at risk. This policy explains what we collect, how we use it, how we protect it, and the control you keep over it.

Who we are

Axiom is operated by Helios Collective, Inc. ("Helios," "we," "us"), a Nova One Capital company. This policy applies to all data collected from or about users of the Axiom platform, including data obtained through third-party financial-data integrations.

Information we collect

  • Account & identity data — name, email, address, and single sign-on credentials.
  • Financial account data — linked account details, balances, positions, and transactions, accessed through our brokerage data-connectivity providers, SnapTrade and Plaid, depending on your broker.
  • Activity & audit logs — in-app actions, portfolio activity, and audit trails.
  • Authentication & access logs — login events, multi-factor records, and session tokens.
  • Support records — tickets and communications with our team.
  • Marketing preferences — email opt-ins and communication settings.
  • De-identified analytics — aggregated usage data that contains no personal information.

How we use your information

We use your information to operate and secure the platform, deliver portfolio analytics, provide support, comply with legal obligations, improve our products, and send communications you have opted into. We do not sell your personal data. We never place trades, move funds, or store your brokerage passwords.

How we protect it

Our security program (internal policy NOC-SEC-001) includes:

  • All data encrypted in transit using TLS 1.2 or higher, and sensitive data encrypted at rest using AES-256 or equivalent.
  • Brokerage links established via OAuth 2.0 / OIDC — you authenticate on your broker's own site; credentials are never stored in plain text.
  • Tokenization in place of raw financial credentials wherever possible.
  • Role-based access control (RBAC) and multi-factor authentication (MFA) for administrative access, with quarterly access reviews.
  • Production isolated from development, dependency scanning in CI/CD, and a documented incident-response plan with breach-notification procedures.

How long we keep it

We retain data only as long as necessary for legal, regulatory, and operational requirements:

Data category                      Retention period
Account & identity data            Duration of account + 3 years post-closure
Financial account data             Duration of active link + 2 years
Transaction & activity logs        7 years
Authentication & access logs       2 years
Customer support records           3 years post-resolution
Marketing & communication          Duration of consent + 1 year
De-identified / aggregated data    Indefinite (no personal data)

Your rights

You may access, correct, or delete your personal data, and opt out of marketing at any time. You can disconnect any brokerage or delete your account and data in one click from within Axiom. Consumer deletion requests are honored as provided under applicable privacy law.

Regulatory compliance

This policy is designed to comply with applicable U.S. data privacy and financial recordkeeping laws, including the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA/CPRA), the Fair Credit Reporting Act (FCRA), and CAN-SPAM. It is reviewed at least annually.

Children

Axiom is intended for users 18 and older and is not directed to children.

Changes & contact

We may update this policy as our practices or the regulatory landscape change; material changes will be posted here. Questions or requests? Reach us via the contact page.